Lotte Card Co., a major financial services provider with approximately **9.6 million members**, suffered a **severe data breach** far worse than initially estimated. The incident involved the **unauthorized leak of personal customer information**, including **card transaction records**, exposing a significant portion of its user base. Financial authorities, including South Korea’s **Financial Supervisory Service (FSS)**, confirmed the breach’s expanded scope after an ongoing investigation. The FSS, led by Governor **Lee Chan-jin**, has been urging financial institutions to strengthen cybersecurity measures, but this incident highlights persistent vulnerabilities. The breach follows a pattern of **large-scale cyberattacks in the financial sector**, with prior cases like **SGI Seoul Guarantee** facing similar hacking incidents. The exact number of affected customers remains undisclosed, but the leak’s severity suggests **widespread exposure of sensitive financial data**, raising concerns over fraud, identity theft, and reputational damage. Authorities are finalizing their probe, with findings expected to be released imminently.
Source: https://en.yna.co.kr/view/AEN20250917001500320
TPRM report: https://www.rankiteo.com/company/lotte-card
"id": "lot2584025110725",
"linkid": "lotte-card",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Large portion of 9.6 million '
'customers',
'industry': 'Financial Services',
'location': 'Seoul, South Korea',
'name': 'Lotte Card Co.',
'size': '9.6 million members',
'type': 'Financial Services (Credit Card Company)'}],
'data_breach': {'data_exfiltration': 'Likely (under investigation)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['personal information',
'card records']},
'date_publicly_disclosed': '2024-09-00',
'description': "Lotte Card Co.'s data breach was found to be more severe than "
'initially estimated, with personal information, including '
'card records, of a large portion of its 9.6 million customers '
'potentially leaked. The Financial Supervisory Service (FSS) '
'is investigating the incident, with results expected to be '
'announced soon. This breach is part of a series of cyber '
"incidents in South Korea's financial sector, highlighting the "
'need for improved cybersecurity measures.',
'impact': {'brand_reputation_impact': 'High (part of a series of financial '
'sector breaches)',
'data_compromised': ['personal information', 'card records'],
'identity_theft_risk': 'High (personal information leaked)',
'payment_information_risk': 'High (card records compromised)'},
'investigation_status': 'Ongoing (results expected to be announced by the FSS '
'within the week of 2024-09-17)',
'recommendations': 'Financial firms urged to strengthen cybersecurity and '
'better protect customer data (per FSS Governor Lee '
'Chan-jin)',
'references': [{'date_accessed': '2024-09-17',
'source': 'Yonhap News Agency'}],
'regulatory_compliance': {'regulatory_notifications': 'Financial Supervisory '
'Service (FSS) involved '
'in investigation'},
'response': {'incident_response_plan_activated': 'Yes (investigation ongoing '
'with FSS)'},
'title': 'Lotte Card Data Breach',
'type': 'Data Breach'}